I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for nearly 10 years. I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public so that -

(a) those who use the code can audit it for these problems, (b) those that are angry at the story can take other actions, (c) if it is not true, those who are being accused can defend themselves.

Of course I don't like it when my private mail is forwarded. However the "little ethic" of a private mail being forwarded is much smaller than the "big ethic" of government paying companies to pay open source developers (a member of a community-of-friends) to insert privacy-invading holes in software.

If the code was developed in the US I can guarantee the NSA required a "backdoor", exactly the same as all encryption developed in the US. Read "Crypto" by Stephen Levy and you'll start to understand the attitude of the US government. This will also help you understand the persecution of Julian Assange over WikiLeaks.

According to the e-mail from Gregory Perry the backdoors were implemented under direction from the FBI (don't think the NSA is mentioned). I take your point about the US government though I'm not sure this is in the same vein as something like the Clipper chip.

Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). [...] It is a baseless accusation the reason for which I cannot understand."

Don't trust the US to do anything for the rest of the world - they are only interested in making massive profits for US corporations, many of whom have vested military interests, at the detriment of everyone else.